GDPR Website Checklist - See If Your Website Is GDPR Compliant.
The General Data Protection Regulation, or GDPR, is a new set of EU rules that will replace the current UK Data Protection Act 1998. The purpose of GDPR is to give people greater control over how companies use their personal data, and it backs this with hefty penalties for companies that fail to comply (fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher). Every aspect of your business, from web maintenance to marketing strategy, is likely to be affected by GDPR, and it is time to act now. Here we will go through GDPR for websites.
GDPR comes into force on 25 May 2018. Achieving GDPR compliance may seem like a struggle, but with this handy checklist you should be able to get your data handling up to scratch. While this list is far from exhaustive, it should give you a brief outline of the processes your business should be implementing to remain compliant in the following categories:
Privacy notices and data collection:
• Use a layered privacy notice, with the most important information upfront, and more detailed policy underneath.
• Explain why the data of an individual is needed when collecting it.
• Inform individuals what you will do with their data.
• Offer the right to object to marketing.
• Collect only the minimum data necessary for the stated purpose.
• Delete records once they are no longer needed for the purpose they were collected for.
Asking for consent:
• Ask customers/prospects to opt-in to marketing.
• Use plain, easy-to-understand language.
• Let individuals know they can withdraw their consent.
• Inform individuals that withdrawing consent won't be to their detriment.
• Don't make consent a precondition of service; consent must be freely given.
• Keep a record of when and how consent was obtained, and what the individual was told at the time.
• Don't use pre-ticked boxes as standard in web design; consent must be a clear affirmative action.
• Keep consent separate from terms & conditions.
Provision of information – make individuals aware of the following:
• The identity and contact details of your organisation.
• The contact details of your data protection officer, if you are required to appoint one.
• Any third parties their data may be passed to.
• Any countries outside the EU/EEA in which their data may be processed, and the safeguards in place for those transfers.
• How long their data will be stored, and why.
• Whether providing the data is a statutory or contractual requirement, and what happens if they do not provide it.
• The right to complain to the Information Commissioner's Office (ICO) if they feel their data has been misused.
• Their right to request the deletion of their data.
• The purposes of, and lawful basis for, processing their data.
Third-party data – if purchasing data, you must:
• Know how the list was compiled.
• Know whether consent was obtained and, if so, when it was last updated.
• Confirm that the list has been screened against the Mailing Preference Service (MPS) and Telephone Preference Service (TPS).
• Ensure your organisation was named as a recipient when the data was collected.
Profiling:
• Explain how you profile individuals for marketing purposes if they request that information.
• Give everyone the option to opt out of profiling.
While building these points into your current data collection processes may seem a little complicated, don't worry – you're not alone. GDPR is set to affect thousands of businesses throughout the world, and if you feel like your team could use some help in ensuring compliance by 25 May, the good news is that Design Box is currently offering a service that updates seven key website areas to help you reach compliance for just £99.